Mobile represents a highly profitable channel for businesses, one that is critical in attracting new customers as well as retaining existing ones. A Cisco report on mobile growth projected that there will be 5.5 billion global users by 2020, up from 4.8 billion in 2015. Meanwhile, a Forrester Research blog stated that average users interact with their devices up to 200 times per day — amounting to a total of nearly 30 billion mobile moments per day.
Frozen in the Headlights of Mobile-Related Fraud
The benefits of the mobile channel are obvious, including easy, intuitive, on-the-go access to a number of services, such as communication, shopping, online gaming, health care and banking. However, these benefits also open the door to potential fraud — leaving both end users and organizations frozen like a deer in headlights.
During a recent American Banker-sponsored IBM webinar, participants were asked to provide some insight on the level of mobile-related fraud their organizations experience. The results were staggering:
- One-quarter stated that they “have no mobile-related fraud.”
- Seventeen percent stated that they “are not actively monitoring mobile threats.”
Over 40 percent said that mobile-related fraud is not their top concern, which could be due to the following reasons:
- Their end users are not being targeted by mobile malware and therefore are not experiencing mobile fraud.
- They have limited insight into the mobile channel, meaning that they may currently have a problem of which they are completely unaware.
Acknowledging the Problem
Additionally, over 40 percent of respondents acknowledge that they experience mobile-related fraud and are therefore taking the necessary precautions. This should come as no surprise, since 64 percent of organizations that participated in a recent IDG survey reported that mobile is a high priority.
More than half of respondents said that security is “a critical/high-priority concern,” specifically as it relates to mobile. However, 13 percent stated that they do not have mobile-specific visibility. Organizations are not yet individually tracking the various access channels and are assessing the digital channel (both web and mobile) as a whole.
Mobile Security Questions to Consider
Organizations looking to embrace the continuous rise in mobile engagement are faced with security-related questions that may have a direct impact on their capabilities to better detect compromised or vulnerable mobile devices and reduce fraud.
Can We Rely on Built-In Security Controls?
Organizations rely on existing, built-in systems and controls to address the challenges of mobile or cross-channel fraud involving mobile devices. They may be aware of the growing fraud, but because they can’t see the impact within their organizations, they put their faith in existing solutions and delay taking additional steps.
Is Mobile Malware Still in Its Infancy?
Many organizations still consider mobile fraud to be in its infancy and as a result hold off making short- and long-term strategic decisions. This situation, however, cannot remain stagnant and needs to be regularly re-evaluated — sometimes in the face of new security guidelines — as the threat landscape changes.
Is Mobile Security a Top Priority?
For many years, businesses tended to view mobile fraud loss as acceptable and prioritized customer experience, service availability and ease of use over security. This position may have stemmed from the perception that mobile security and a seamless customer experience were mutually exclusive. Businesses that fail to monitor, track and proactively push for customer awareness on the potential risks of the mobile channel may be missing the bigger picture.
Stop Fraud in Its Tracks
The solution you choose to implement to address the challenges listed above should not only cover advanced mobile fraud capabilities, but also correlate a wide range of critical fraud indicators, including malware infections, phishing attacks, compromised credentials and advanced evasion methods. That includes real-time mobile channel risk assessment that helps stop fraud in its tracks while mitigating the risk on the endpoint.